Cyber Incident Victim: Juva Skin & Laser Center
Date: Jan 2023
Location: United States of America
Summary
Juva Skin & Laser Center was listed on the LockBit ransomware group's leak site amid allegations of a cyberattack, though the center has not confirmed the incident. LockBit, known for targeting healthcare organizations despite claims of avoiding the sector, previously attacked other providers, including an incident where it later apologized and provided a decryptor. The group has recently shifted toward triple extortion tactics, according to health authorities. The listing suggests potential data compromise, but operational impacts or specific stolen details remain unverified by the victim.
Description
The LockBit ransomware group listed Juva Skin & Laser Center, a New York-based healthcare provider, on its dark web leak site around January 2023, alleging a compromise of the organization’s systems. This public listing indicated LockBit’s claim of unauthorized access to Juva’s data, though the group did not disclose specific details regarding the scope of the intrusion, the type of data exfiltrated, or the initial attack vector. LockBit’s history of targeting healthcare entities provided context for the incident, despite prior claims by affiliate actors that they avoided attacking hospitals. The group had previously executed high-profile attacks against healthcare providers, including the August 2022 breach of Centre Hospitalier Sud Francilien in France and a December 2022 incident impacting Toronto’s Hospital for Sick Children (SickKids). In the SickKids case, LockBit later issued an apology and provided a free decryptor, attributing the attack to a rogue affiliate.

Juva Skin & Laser Center did not publicly confirm or deny LockBit’s allegations at the time of reporting, leaving the incident’s validity and operational impact unverified. No details emerged regarding potential service disruptions, data encryption, or patient data exposure specific to Juva. The absence of official statements or breach notifications from the provider contrasted with LockBit’s typical extortion tactics, which often involved threatening to publish stolen data unless a ransom was paid. The U.S. Department of Health and Human Services had previously warned healthcare organizations about LockBit’s adoption of triple extortion techniques, combining encryption, data theft, and harassment campaigns. This incident occurred amid broader ransomware activity targeting healthcare, including a separate January 2023 attack causing outages at Maryland’s Atlantic General Hospital and a December 2022 breach at Lutheran Social Services of Illinois affecting 184,000 individuals.
